7.15.2015

Click Bait This

There is a recent...not so recent, but in Internet terms recent...trend and it annoys the piss out of me.

No. It's not incorrectly using punctuation to keep a blog having more of a conversational tone than--hey...wait. I see what you did there.

No. It's click baiting.

Somewhere along the way people that host web-sites and companies that have websites figured out that they could make money just by making people click additional pages.

Check it out.

Your average web page has between five and fifteen different links that go to external sites. These links and web page space are purchased by advertisers and they pay the host on a click by click basis.

Don't bother checking the stats--it's more of an eyeball guesstimate. But seriously...what you need to pay attention to is the clicks.

It's all about the click.

So...you take a mediocre article. Little more than most of my blog entries (in length...I like to think my content is more enjoyable). With some stock photos. And instead of one page (like these) with maybe a few ads (I can't remember if I let Google put ads on my blog or not) and you split it in to 15 pages. Separated by the dreaded 'NEXT' button requiring you to...yup.. click.

Only the links to get to the next part of the article are many times obfuscated with other links (the dreaded ads). The good pages keeps the ads contained in frames. The shitty pages scatter the ads all over the page. ?Links everywhere.  The target space for the legitimate click is very narrow (even though the graphic might be big) while the target click area for the ads is quite large (even though it's only a link).

It sucks.

But it's all about the click.

And if you're on a mobile device, it's even worse. On the average cell phone (not the 'phablets'), it's quite easy to touch the wrong area of the screen.

I find that pages linked from Facebook tend to be the worst about this, but that's not always the case.

This is about to get part bitchy rant and part pro-tips that can save you some headaches.

But Todd...it's just a few harmless ads. Sure, they're annoying, but if I don't click on anything, no harm no foul, right? What's the worst that could happen?

Let me paint the picture for you.  You surf on a page. A web-site of a college your high-schooler is interested in, for example. You notice some ads on the right side of the page. One happens to be for a barrister in Australia (think 'lawyer', but with a cooler accent). Hmm. That's odd. You think. But you've seen stranger things and maybe that college has some connection Down Under.  You go on your way thinking no more about it.

You turn on your computer the next day.  All of your files are gone. In place of all of your files are TXT files (text) telling you how to pay the $1000 to get the de-cryption key. You now have the CryptoLocker Virus.

*PLEASE* Do me a favor and do NOT Google that. I'll tell you why in a minute

Back to the matter at hand. How did you get infected?  The days of only getting a virus from internet porn sites are long gone. Don't get me wrong, you'll still catch something from those sites if you're not careful, but you'll catch them for the same reason you catch them from sites as innocent as a college web page.

Remember that whole phenomenon about ads being on web pages and how that generates money for the page that hosts the ads? It does, but it's a huge problem. Those web pages have placeholders that point to external sites for those ads. So..something you think should be secure (like MSNBC.com, for example) has a link to some external server NOT hosted by MSNBC that is delivering the ad.

Now...let's say the code is sloppy. Or, let's assume the advertiser doesn't care as much about security as the host. It's very easy for those so inclined to insert malicious code.

Let's play out the college web page example.

So...you just viewed the main page. There were some ads. You didn't click on anything. You come back the next day and your computer is hosed. Only it's not just your computer. It's any mapped drive or resource or backup that your computer was connected to.  And this virus is nasty, folks, trust me on that.

So...you didn't click on anything. You didn't knowingly download anything.
How did you get infected.

It's a drive by insertion. Just by being on the page, the ad content was 'delivered.'  The ad content for the Aussie Lawyer contained malicious code. That was pushed to your computer. And executed. Without your knowledge.

It happens. It happened to my parents. It happened to a friend of mine. It's happened to people I know at their place of employment.

Here is the honest to goodness truth of the matter, and the sooner you accept this, the better off you will be:

IF YOU SURF THE NET, YOU WILL GET MALWARE or a VIRUS. PERIOD.

There are ways to mitigate it and minimize your risk, but the truth is you will get hit. I could right three more posts about how to protect yourself (or I could copy and paste my notes that are used for our company's security awareness course), but that's a topic for another time.

Some basics:

  • Always have an Anti-Virus program that is UP TO DATE running on your system. 
    • Our company uses ESET. I would stick with a well known company. And be prepared to pay for it. Nothing in this world is free.
  • Invest in Anti-Malware Software. 
    • Malwarebytes is a good one. There are others.
  • Never open attachments in emails that you aren't expecting. 
    • And scan the ones that come in emails if you ARE expecting them (or call the person who supposedly sent you the email to verify they actually sent it).
  • NEVER click a link in an email
  • Look in to using Firefox or Chrome to surf the net.
    •  These browsers have plug-ins available that disable ads. 
  • NEVER keep anything on a local disk that you can't afford to lose.
    • important files and documents should be kept on removable storage. 
  • EXPECT to get a virus or malware at some point.
BACKUP your important files to removable drives (And REMOVE the drive when you don't need the file. It's called removable for a reason, it's much more secure if you only connect it when you need to access the file).

UPDATE software through the VENDOR website or program only. NEVER update your software because something on a web page tells you to. This is a very effective way to get infected.


Alright. Now that the lesson is over...

But Todd....you didn't tell us why we shouldn't google CryptoLocker...

Ah yes. Did you know that you can BUY your search results ranking from Google? You can. If you want to be top of the list when someone searches for 'cryptolocker' you can pay to be there. And wouldn't it be cool if you did that, knowing that the page people clicked on would infect their computer just by going to the page?

No. No it wouldn't be cool.  But it happens. Because Hacking is big business. And hackers use viruses to get in to compromised systems. Be ever vigilant. 



Now on to the rant....

  • And what happened next will leave you in tears..
  • You'll never believe what shocking thing this father/mother/sister/uncle/leper down the street discovered
  • You won't believe your eyes
  • The result is shocking
  • What happened next is AMAZING
And many more similar phrases.

If you click on a link to go to an 'article' based on any verbiage similar to that above, you only have yourself to blame. These pages are Click Bait pages. Click on the link. Wind up on a page like the one I described above with very poor navigation all designed to trick you in to clicking in the wrong place.

Here's another pro-tip:
If you're clicking on one of these pages just to see a video, save yourself some heart ache. Go to youtube.com directly and search for the video there. Nine times out of ten, the video that you're going to be watching is hosted on youtube.com or vimeo.com anyway. Save yourself the clickbate headache and just start there. 

I really do miss the days when you could go to a web page and just see what you went there to see. Be it boobs or the schematics for the star ship Enterprise. I don't think we've actually progressed in that sense. 

We went from cleanly designed webpages with clear navigation to pages that look like bad sixth grade science projects. 

I'm gonna be over here playing Atari if anyone needs me.

-AT


No comments:

In the Raw

*Note: This will make more sense after you read the guest post on the Books By Violet Blog. Hang tight until then my regular readers.  Fo...